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The client can include features that effectively prevent software executed on the 
client or the operator of the client from interfering with the server verification and 
authorization procedures of the invention. For example, the encryption key can be encoded 
on an integrated circuit at the client to prevent the key from becoming publicly known. 
Furthermore, the integrated circuit can have multiple encryption keys encoded thereon, with 
one of the keys being selected at random in each authorization procedure. 

Certain registers at the client, such as those that specify the level of authorization of 
the client, can be controlled by the server without the intervention of software at the client. 
In particular, the server sends encrypted information to the client, where it can be decrypted 
by a decryption key encoded in an application-specific integrated circuit and then written to 
control registers. Thus, once the server verifies the identity of the client, the appropriate 
level of authorization can be maintained, even if the security of client software is breached. 
The authorized server, at its discretion, can also make any of a wide range of requests to the 
client to ensure that the client is authorized to receive network resources. For example, the 
client machine identifier can be independently verified by the server. 
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BRIEF DESCRIPTION OF THE DRAWINGS 



In order that the manner in which the above-recited and other advantages and objects 
of the invention are obtained, a more particular description of the invention briefly described 
above will be rendered by reference to specific embodiments thereof which are illustrated in 
the appended drawings. Understanding that these drawings depict only typical embodiments 
of the invention and are not therefore to be considered limiting of its scope, the invention 
will be described and explained with additional specificity and detail through the use of the 
accompanying drawings in which: 

Figure 1 is a schematic diagram illustrating a network environment in which the 
invention may be implemented. 

Figure 2 is a schematic diagram illustrating one embodiment of a client system for 
use with the invention. 

Figure 3 is a schematic diagram depicting a client and a server interacting to verify 
the authorization of the server to provide network resources to the client. 

Figure 4 is schematic diagram illustrating the client of Figure 3 in greater detail, 
including features for generating an encrypted client message and for comparing a random 
number contained in a service message with a random number contained in the client 
message. 

Figure 5 is a schematic diagram illustrating the server of Figure 3 in greater detail, 
including features for decrypting the client message and generating an encrypted service 
message. 

Figure 6 is a schematic diagram showing the manner in which an application-specific 
integrated circuit at the client can decrypt authorization information received from the server 
using an encoded decryption key according to one embodiment of the invention. 
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Figxire 7 is a schematic diagram illustrating an alternative embodiment in which a 
smart card is used in conjimction with the client to verify that the server is authorized to 
provide network resources. 

Figure 8 is a flow diagram depicting a method for generating an encrypted client 
message that includes a random number. 

Figure 9 is a flow diagram illustrating a method for decrypting the client message at 
the authorized server and generating an encrypted service message that incorporates the 
random number. 

Figure 10 is a flow diagram illustrating a method for decrypting the service message 
and comparing the random number included in the service message with the random number 
included in the client message. 
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